DETAILED ACTION

Claims 28-29, 32-41, 44-52, and 55-60 are pending in the current application. 

Specification 

1. The specification is objected to as failing to provide proper antecedent basis for
the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01(o). Correction
of the following is required: claims 40-51 refer to a machine-readable storage medium, 
however the specification does not disclose a machine-readable storage medium. 

Claim Rejections - 35 USC § 101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

3. Claims 40-51 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

Claims 40-51 recite a "machine readable storage medium" and the specification 
fails to provide antecedent bases for this limitation [see objection to the specification 
above]. Without antecedent basis for "machine readable storage medium", it is unclear 
if the limitation intended to be the same as the storage media described as part of the 
disclosed program product or whether it's intended to be broader than the disclosed 
storage media. It is believed that the limitation "machine readable storage medium" is 
intended to claim something broader than the disclosed storage media and cover 
signals, waves and other forms of transmission media, that carry instructions. In 
addition, in accordance with Applicant's specification Applicant discloses a machine
readable medium which may be acoustic or light waves, such as those generated 
during radio-wave and infra-red data communications or carrier wave (as disclosed on 
paragraphs [0092]-[0093] of Applicant's specification). Therefore, the limitation 
"machine readable storage medium" is not limited to physical articles or objects which 
constitute a manufacture within the meaning of 35 USC 101 and enable any 
functionality of the instructions carried thereby to act as a computer component and 
realize their functionality. As such, the claim is not limited to statutory subject matter 
and is therefore non-statutory. 



Claim Rejections - 35 USC §112 

4. The following is a quotation of the first paragraph of 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

5. Claims 28-29, 32-41, 44-51, and 55-60 are rejected under 35 U.S.C. 112, first 
paragraph, as failing to comply with the written description requirement. The claim(s) 
contains subject matter which was not described in the specification in such a way as to 
reasonably convey to one skilled in the relevant art that the inventor(s), at the time the 
application was filed, had possession of the claimed invention. 



In claims 28, 40, and 52, the recitation of "wherein the first and second non-global
zones are established by the OS kernel" is not disclosed in the specification. Thorough
review of the specification by the Examiner did not result in finding of the subject matter
properly disclosed in the specification.

Claims 29, 32-39, 41, 44-51 and 55-60 are rejected since they are dependent on
independent claims 28, 40, and 52. 

6. The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

7. Claims 28-29, 32-41, 44-51, and 55-60 are rejected under 35 U.S.C. 112, second
paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
subject matter which applicant regards as the invention. 

8. The term "established" in claims 1-2, 4, 8-9, 11, and 15 is a relative term which 
renders the claim indefinite. The term "established" is not defined by the claim, the
specification does not provide a standard for ascertaining the requisite degree, and one 
of ordinary skill in the art would not be reasonably apprised of the scope of the 
invention. 

The first and second non-global zones are rendered indefinite by the use of the 
term "established". For purposes of examination the first and second non-global zones 
established by the OS kernel is interpreted as the first and second non-global zones file 
installation is assisted by the OS kernel. 

Claims 29, 32-39, 41, 44-51 and 55-60 are rejected since they are dependent on
independent claims 28, 40, and 52.

Claim Rejections - 35 USC § 103

9. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

10. Claims 28-29, 32-41, 44-52, and 55-60 are rejected under 35 U.S.C. 103(a) as
being unpatentable over 2002/0174215 A1 to Schaefer in view of WO 00/45262 to 
Susser et al. (hereinafter Susser), and further in view of 2003/0014466 A1 to Berger et 
al. (hereinafter Berger). 

11. As to claim 28, Schaefer teaches the invention substantially as claimed including 
a machine-implemented method, comprising: 

establishing, within a global operating system environment provided by an 
operating system (OS) kernel (Operating System 10, Fig. 1, paragraph [0013]), a first 
non-global zone which serves as a first virtual platform for supporting and isolating user 
processes (application 52, Fig. 2) (paragraphs [0018]-[0019]), 

establishing, within the global operating system environment, a second non- 
global zone which serves as a second virtual platform for supporting and isolating user 
processes (application 54, Fig. 2) (paragraphs [0018]-[0019]); and 

isolating the first set of one or more user processes (application 52, Fig. 2) within 
the first non-global zone and the second set of one or more user processes within the 
second non-global zone (application 54, Fig. 2) (paragraph [0012]). 

Schaefer does not explicitly disclose wherein the first non-global zone is a
separate and distinct OS partition of the global operating system environment having a 
first zone identifier associated therewith, and wherein the first non-global zone is 
established and exists without requiring any user processes to be running therein; 

wherein the second non global zone is a separate and distinct OS partition of the 
global operating system environment having a second zone identifier associated 
therewith, and wherein the second non-global zone is established and exists without 
requiring any user processes to be running therein; 

executing a first set of one or more user processes within the first non global 
zone, wherein each user process in the first set of user processes has the first zone 
identifier associated therewith; 

executing a second set of one or more user processes within the second non- 
global zone, wherein each user process in the second set of user processes has the 
second zone identifier associated therewith; 

the first set of one or more user processes cannot access processes in the 
second non-global zone and the second set of one or more user processes cannot 
access processes in the first non-global zone; and 

wherein the first and second non-global zones are established by the OS kernel, 
and wherein the OS kernel enforces zone boundaries to isolate the first set of one or 
more user processes within the first non-global zone and the second set of one or more 
user processes within the second non-global zone. 

However Susser teaches wherein the first non-global zone having a first zone
identifier associated therewith (e.g. Unique Name, page 11, line 25), and wherein the
first non-global zone is established and exists without requiring any user processes to
be running therein (Context 1, 770, Fig. 7, page 11, lines 29-31);

wherein the second non global zone having a second zone identifier associated
therewith (e.g. Unique Name, page 11, line 25), and wherein the second non-global
zone is established and exists without requiring any user processes to be running
therein (Context 2, 780, Fig. 7, page 11, lines 29-31);

executing a first set of one or more user processes within the first non global 
zone (Object 440, Fig. 9), wherein each user process in the first set of user processes 
has the first zone identifier associated therewith (page 11, lines 25-27);

executing a second set of one or more user processes within the second non- 
global zone (Object 640, 910, Fig. 9), wherein each user process in the second set of 
user processes has the second zone identifier associated therewith (page 11, lines 25-
27); and 

the first set of one or more user processes (Object 640, Fig. 6) cannot access 
processes in the second non-global zone (Object 636, Fig. 6) and the second set of one 
or more user processes cannot access processes in the first non-global zone (page 10, 
lines 26-31 and page 11, lines 1-2 and 13-14, e.g. Firewall, Context 1, 770, Context 2, 
780, Fig. 7). 

It would have been obvious to a person of ordinary skill in the art at the time the
invention was made to have modified the OSGuard of Schaefer with the teachings of a 
Firewall from Susser because this feature would have provided a mechanism in which 
each context is separated from the other by a context barrier between the execution 
contexts (page 11, lines 13-15 of Susser).

In addition Berger teaches wherein the first non-global zone is a separate and 
distinct OS partition of the global operating system environment (paragraphs [0035]- 
[0036] and [0045]-[0046]); 

wherein the second non global zone is a separate and distinct OS partition of the 
global operating system environment (paragraphs [0035]-[0036] and [0045]-[0046]); and 

wherein the first and second non-global zones are established by the OS kernel 
(paragraph [0039]), and wherein the OS kernel enforces zone boundaries to isolate the 
first set of one or more user processes within the first non-global zone and the second 
set of one or more user processes within the second non-global zone (paragraph 
[0041]). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to have further modified the OS Guard of Schaefer as modified by 
Susser with the teachings of Compartment from Berger because this feature would 
have further provided a mechanism for groups of processes or threads which are limited 
to accessing certain subsets of system resources of a computer system, are
semi-isolated portions of a system, and a mechanism for mandatory protection of processes,
files and network resources (paragraph [0035] of Berger). 

12. As to claim 29, Schaefer teaches the method of claim 28, wherein the kernel 
instance provides services (paragraph [0004]) that are invoked by the first set of user 
processes (paragraph [0012]), and wherein the services are invoked by the first set of 
user processes through the first virtual platform (paragraphs [0012] and [0019]). 

13. As to claim 32, Schaefer teaches the method of claim 28, wherein a first set of
resources are associated with the first non-global zone and a second set of resources 
are associated with the second non-global zone (paragraphs [0019] and [0022]); 

wherein the first set of resources are accessed by the first set of user processes 
through the first virtual platform and the second set of resources are accessed by the 
second set of user processes through the second virtual platform (paragraphs [0014], 
[0019] and [0022]); and 

wherein the first set of resources and the second set of resources each include 
one or more resources from the group consisting of a network interface, a 
communications interface, a file system, a system console, a DASD address, and an 
operating system service process (paragraph [0022]). 

14. As to claim 33, Schaefer as modified teaches the method of claim 32, wherein
isolating the first set of user processes within the first non-global zone and the second
set of user processes within the second non-global zone further comprises:

preventing the first set of user processes (Object 640, Fig. 6 of Susser) from 
accessing the second set of resources associated with the second non global zone 
(Object 636, Fig. 6, page 10, lines 26-31 and page 11, lines 1-2 and 13-14, e.g. 
Firewall, Context 1, 770, Context 2, 780, Fig. 7 of Susser); and

preventing the second set of user processes from accessing the first set of
resources associated with the first non-global zone (page 10, lines 26-31 and page 11,
lines 1-2 and 13-14, e.g. Firewall, Context 1, 770, Context 2, 780, Fig. 7 of Susser).

15. As to claim 34, Schaefer teaches the method of claim 32, wherein executing the
first set of user processes within the first non-global zone causes a first application 
environment to be established within the first non-global zone (application 52, Fig. 2, 
paragraph [0019] and [0023]), and wherein the method further comprises: 

receiving a command to halt the first non-global zone (paragraph [0024]); 

in response to the command to halt the first non-global zone (paragraph [0019]): 

terminating all user processes executing within the first non-global zone 
(unloading virtual environment, paragraph [0024]), thereby terminating the first 
application environment (paragraph [0023]); and 

disassociating the first set of resources from the first non-global zone (paragraph 
[0024]); 



Application/Control Number: 10/761,622 Page 11

Art Unit: 2194 

wherein the second non-global zone is not affected by the command to halt the 
first non-global zone (paragraph [0019]). 

16. As to claim 35, Schaefer teaches the method of claim 32, wherein executing the 
first set of user processes within the first non-global zone causes a first application 
environment to be established within the first non-global zone (application 52, Fig. 2, 
paragraph [0019] and [0023]), and wherein the method further comprises: 

receiving a command to halt the first non-global zone (paragraph [0024]); 

in response to the command to halt the first non-global zone (paragraph [0019]): 

terminating all user processes executing within the first non-global zone 
(unloading virtual environment, paragraph [0024]), thereby terminating the first 
application environment (paragraph [0023]); and 

performing one or more tasks from the group consisting of stopping a scheduler 
process, unmounting one or more file systems, closing one or more network interfaces, 
and removing configurations for devices associated with the first non-global zone (e.g. 
unloading virtual environment, paragraphs [0022] and [0024]); 

wherein the second non-global zone is not affected by the command to halt the 
first non-global zone (paragraph [0019]). 

17. As to claim 36, Schaefer teaches the method of claim 28, further comprising:

allowing a first administrator to manage processes and resources within the first
non-global zone (paragraph [0062]), wherein the first administrator is not allowed to
manage processes and resources within the second non-global zone (paragraphs
[0033] and [0062]); and 

allowing a second administrator to manage processes and resources within the 
second non-global zone (paragraph [0062]), wherein the second administrator is not 
allowed to manage processes and resources within the first non-global zone 
(paragraphs [0033] and [0062]). 

18. As to claim 37, Schaefer as modified teaches the method of claim 28, wherein 
establishing the first non-global zone comprises: 

accessing configuration information associated with the first non-global zone 
(paragraphs [0024] and [0062] of Schaefer); 

installing files and directories necessary for the first non-global zone to function 
(paragraph [0024] of Schaefer); and 

readying the first non-global zone by performing one or more tasks from the 
group consisting of assigning the first zone identifier (e.g. Unique Name, page 11, line
25 of Susser), starting a scheduler process, establishing one or more network 
interfaces, mounting one or more file systems, initializing a system console, and 
configuring one or more devices (e.g. loading, paragraphs [0022] and [0024] of 
Schaefer); 

wherein readying the first non-global zone does not include executing user 
processes within the first non global zone (page 11, lines 29-31 of Susser).

19. As to claim 38, Schaefer as modified teaches the method of claim 37, wherein
the configuration information comprises one or more parameters from the group
consisting of a zone name (e.g. Unique Name, page 11, line 25 of Susser), a path to a
root directory for the first non-global zone, specification of one or more file systems to 
be mounted when the first non-global zone is readied, specification of one or more 
network interfaces, specification of one or more devices to be configured when the first 
non global zone is readied, and specification of resource controls to be imposed on the 
first non-global zone (paragraph [0026] and [0040] of Schaefer). 

20. As to claim 39, Schaefer teaches the method of claim 28, wherein executing the 
first set of user processes within the first non-global zone comprises: 

executing an initialization process (Process Manager 120, Fig. 4, paragraph
[0020]); and 

initializing, by the initialization process, execution of the first set of user 
processes (paragraphs [0022]-[0023]). 

21. As to claims 40-41, these claims are rejected for the same reasons as claims 28-
39 respectively, since claims 40-41 recite the same or equivalent invention, see the 
rejections to claims 28-29 above. 

22. As to claims 44-51, these claims are rejected for the same reasons as claims 32-
39 respectively, since claims 44-51 recite the same or equivalent invention, see the 
rejections to claims 32-39 above. 

23. As to claim 52, this claim is rejected for the same reasons as claim 1 since claim 
52 recites the same or equivalent invention, see the rejection to claim 1 above. 

24. As to claim 55-58, this claim is rejected for the same reasons as claim 32-35 
since claim 55-58 recites the same or equivalent invention, see the rejection to claim 
32-35 above. 

25. As to claims 59-60, these claims are rejected for the same reasons as claims 37- 
38 respectively, since claims 59-60 recite the same or equivalent invention, see the 
rejections to claims 37-38 above. 

Response to Arguments 

26. Applicant's arguments with respect to the 35 U.S.C. 101 rejection of claims 40-41 
and 44-51 have been fully considered but they are not persuasive. 

(1) Applicants would like to point out that, as they stand, claims 40-41 and
44-51 do not recite a "machine-readable medium" but rather a
"machine-readable storage medium". It is well known that waves are transitory, and
hence are incapable of storing anything (e.g. instructions, as recited in 
claims 40-41 and 44-51). Therefore, waves do not qualify as storage media. 
Since claims 40-41 and 44-51 specifically recite a "machine-readable 
storage medium", these claims do not encompass waves (page 18, lines 4- 
10). 

In response to argument (1), Applicant's arguments have been considered but
Applicant does not disclose a machine readable storage medium, only a machine
readable medium is disclosed (paragraphs [0092]-[0093] of Applicant's specification). See
the 35 U.S.C. 101 rejection above. 

27. Applicant's arguments with respect to claims 28-29, 32-41, and 44-52 have been
considered but are moot in view of the new ground(s) of rejection. 

Conclusion 

28. The prior art made of record on the accompanying PTO-892 and not relied upon, 
is considered pertinent to applicant's disclosure. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to KimbleAnn Verdi whose telephone number is (571)270- 
1654. The examiner can normally be reached on Monday-Friday 7:30am-5:00pm EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Meng-Ai An can be reached on (571) 272-3756. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



March 29, 2008 
KV 



A/AN H NGUYEN/ 

Primary Examiner, Art Unit 2194 



